[Pkg-gnupg-commit] [gnupg2] 133/180: g10: Use total days, not total messages to compute TOFU validity
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Dec 24 22:29:19 UTC 2016
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch master
in repository gnupg2.
commit 4a2c210b75d4266e289712e73a42c286aabb07f0
Author: Neal H. Walfield <neal at g10code.com>
Date: Fri Dec 16 14:49:10 2016 +0100
g10: Use total days, not total messages to compute TOFU validity
* g10/tofu.c (write_stats_status): Use the number of days with
signatures / encryptions to compute the validity, not the total number
of signatures / encryptions.
(BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
(FULL_TRUST_THRESHOLD): Likewise.
Signed-off-by: Neal H. Walfield <neal at g10code.com>
---
g10/tofu.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/g10/tofu.c b/g10/tofu.c
index 5f92de6..2bded9e 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -49,12 +49,12 @@
#define CONTROL_L ('L' - 'A' + 1)
-/* Number of signed messages required to indicate that enough history
- * is available for basic trust. */
-#define BASIC_TRUST_THRESHOLD 10
-/* Number of signed messages required to indicate that a lot of
- * history is available. */
-#define FULL_TRUST_THRESHOLD 100
+/* Number of days with signed / ecnrypted messages required to
+ * indicate that enough history is available for basic trust. */
+#define BASIC_TRUST_THRESHOLD 4
+/* Number of days with signed / encrypted messages required to
+ * indicate that a lot of history is available. */
+#define FULL_TRUST_THRESHOLD 21
/* A struct with data pertaining to the tofu DB. There is one such
@@ -2883,19 +2883,19 @@ write_stats_status (estream_t fp,
{
int summary;
int validity;
- unsigned long messages;
+ unsigned long days;
/* Use the euclidean distance (m = sqrt(a^2 + b^2)) rather then the
sum of the magnitudes (m = a + b) to ensure a balance between
verified signatures and encrypted messages. */
- messages = sqrtu32 (signature_count * signature_count
- + encryption_count * encryption_count);
+ days = sqrtu32 (signature_days * signature_days
+ + encryption_days * encryption_days);
- if (messages < 1)
+ if (days < 1)
validity = 1; /* Key without history. */
- else if (messages < 2 * BASIC_TRUST_THRESHOLD)
+ else if (days < 2 * BASIC_TRUST_THRESHOLD)
validity = 2; /* Key with too little history. */
- else if (messages < 2 * FULL_TRUST_THRESHOLD)
+ else if (days < 2 * FULL_TRUST_THRESHOLD)
validity = 3; /* Key with enough history for basic trust. */
else
validity = 4; /* Key with a lot of history. */
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list